spring-framework

Commit Graph

Author	SHA1	Message	Date
Brian Clozel	379d2e6da0	Fix location checks for servlet 3 resources SPR-12354 applied new checks to make sure that served static resources are under authorized locations. Prior to this change, serving static resources from Servlet 3 locations such as "/webjars/" would not work since those locations can be within one of the JARs on path. In that case, the checkLocation method would return false and disallow serving that static resource. This change fixes this issue by making sure to call the `ServletContextResource.getPath()` method for servlet context resources. Note that there's a known workaround for this issue, which is using a classpath scheme as location, such as: "classpath:/META-INF/resources/webjars/" instead of "/webjars". Issue: SPR-12432 (cherry picked from commit `1214624`)	11 years ago
Juergen Hoeller	7f1e5a49a4	Polishing (cherry picked from commit `2675ce7`)	12 years ago
Rossen Stoyanchev	3f68cd633f	Apply extra checks to static resource handling - remove leading '/' and control chars - improve url and relative path checks - account for URL encoding - add isResourceUnderLocation final verification Issue: SPR-12354	12 years ago
Juergen Hoeller	d5e4592728	Polishing	12 years ago
Juergen Hoeller	d53b67f5cb	TilesConfigurer defensively expects null from getResources in case of no resources found Also includes order preservation for resource results with Tiles 2 as well as retrieval failure logging with Tiles 3. Issue: SPR-12362 (cherry picked from commit `c8b8dc5`)	12 years ago
Juergen Hoeller	f812998826	Set ResponseStatusExceptionResolver.messageSource in the MVC Java config Issue: SPR-12380 (cherry picked from commit `aa82da8`)	12 years ago
Juergen Hoeller	e819999c08	Polishing	12 years ago
Juergen Hoeller	21f0057990	Polishing	12 years ago
Juergen Hoeller	a4c8e6176c	Consistent attribute documentation/formatting in spring-context and spring-mvc schemas (cherry picked from commit `b5763fe`)	12 years ago
Juergen Hoeller	7cf4a4ed2d	DispatcherServlet's checkMultipart detects wrapped MultipartRequest as well Issue: SPR-12114 (cherry picked from commit `786fd92`)	12 years ago
Juergen Hoeller	0c89279d61	Polishing	12 years ago
Juergen Hoeller	36918d6bb7	Polishing (includes varargs for selected setters)	12 years ago
Juergen Hoeller	214f026ea3	Polishing	12 years ago
Juergen Hoeller	c0a4631fd1	Polishing	12 years ago
Juergen Hoeller	a3ebf13579	SelectedValueComparator defensively handles null values in exhaustiveCompare Issue: SPR-12001 (cherry picked from commit `980f971`)	12 years ago
Juergen Hoeller	fe72fcede5	Polishing (cherry picked from commit `ede2150`)	12 years ago
Juergen Hoeller	983cce22d8	Package javadoc cleanup for web.servlet.mvc, removing outdated references Issue: SPR-11935 (cherry picked from commit `7396210`)	12 years ago
Juergen Hoeller	c033f889bf	Polishing (backported from master) (cherry picked from commit `48f753f`)	12 years ago
Juergen Hoeller	779a6b79eb	Polishing	12 years ago
Juergen Hoeller	99a3e9cacb	Revised ByteArrayOutputStream handling in MarshallingView and co Issue: SPR-11646 (cherry picked from commit `8006696`)	12 years ago
Juergen Hoeller	f93bfa8f84	ResourceHttpRequestHandler explicitly closes a Resource's InputStream Issue: SPR-11644 (cherry picked from commit `3a96f16`)	12 years ago
Juergen Hoeller	b80dc9d642	Polishing Issue: SPR-11262 (cherry picked from commit `d628025`)	12 years ago
Juergen Hoeller	623b1fc0d5	Polishing	12 years ago
Juergen Hoeller	a2bdc284f9	DispatcherServlet logs request URI in encoded form only Issue: SPR-11591 (cherry picked from commit `465ca24`)	12 years ago
Juergen Hoeller	dbd5f67498	Consistently applied appropriate ByteArrayOutputStream initial capacities across the codebase Issue: SPR-11594 (cherry picked from commit `dd7f54c`)	12 years ago
Juergen Hoeller	9585752693	Polishing	12 years ago
Juergen Hoeller	5c0fdb05bd	AbstractFlashMapManager needs to decode parameter names Also includes general alignment with the 4.0.3 versions of AbstractFlashMapManager and FlashMapManagerTests. Issue: SPR-11504	12 years ago
Juergen Hoeller	75e08695a0	Mixed polishing along with recent changes (cherry picked from commit `14e5a02`)	12 years ago
Juergen Hoeller	5da79ebca6	Related polishing Issue. SPR-11428 (cherry picked from commit `9c6df76`)	12 years ago
Juergen Hoeller	bb7a1372c0	Avoid unnecessary getMappingForMethod repeat (in particular for RequestMappingInfo) Issue. SPR-11428 (cherry picked from commit `f913940`)	12 years ago
Juergen Hoeller	7e3c722146	Objects with multi-threaded access should not lazily populate a hash field Issue. SPR-11428 (cherry picked from commit `72fe7eb`)	12 years ago
Juergen Hoeller	4ac4630b0b	Polishing	12 years ago
Juergen Hoeller	85e336e6da	Consistently avoid close() call on Servlet OutputStream Issue: SPR-11413 (cherry picked from commit `5f1592a`)	12 years ago
Juergen Hoeller	b223e6efec	MarshallingView should not close response OutputStream after copying to it MarshallingView also explicitly skips BindingResult when searching for a model object now, implementing common custom subclass behavior out-of-the-box. Issue: SPR-11411 Issue: SPR-11417	12 years ago
Juergen Hoeller	4d2d223b0c	Revised ExcelViewTests	12 years ago
Juergen Hoeller	61ab40cd7a	Upgraded to Commons FileUpload 1.3.1, TestNG 6.8.7, Hibernate 4.2.8, Joda-Time 2.2, Jackson 1.7.9	12 years ago
Juergen Hoeller	4233d0a99e	Removed outdated hibernate3 references across the codebase Issue: SPR-9028 (cherry picked from commit `09e2e58`)	12 years ago
Sebastien Deleuze	a2ec8f864e	Fix EvalTagTests with locales other than English Issue: SPR-11392 (cherry picked from commit `edb0b0e`)	12 years ago
Juergen Hoeller	3af9d1f29b	Consistent iteration over actualValue in Velocity and FreeMarker macros This requires consistent exposure of an actualValue in BindStatus, even if no BindingResult available. Issue: SPR-10837 (cherry picked from commit `4f60b98`)	12 years ago
Juergen Hoeller	2ef39a5666	Consistently declare @SuppressWarnings("serial") instead of dummy serialVersionUID (cherry picked from commit `56b7d7a`)	12 years ago
Juergen Hoeller	5307a87d1a	Polishing Issue: SPR-11357	12 years ago
Juergen Hoeller	341d645d09	Polishing Issue: SPR-11357	12 years ago
Juergen Hoeller	9845d9eb21	Allow consolidating config in root context with Java Issue: SPR-11357 (backported from 4.0.1)	12 years ago
Juergen Hoeller	11ef4308b8	Polishing	12 years ago
Juergen Hoeller	e0f9a85955	Locale/ThemeChangeInterceptor alignment and javadoc polishing Issue: SPR-11128 (cherry picked from commit `5e5add4`)	12 years ago
Juergen Hoeller	b229d54172	Consistent evaluation of empty theme names to default theme name Issue: SPR-11128 (cherry picked from commit `cc81aae`)	12 years ago
Juergen Hoeller	5fb2665d1c	Introduced "globalInitializerClasses" next to the existing "contextInitializerClasses", applying to FrameworkServlets as well Issue: SPR-11314 (cherry picked from commit `91881ff`)	12 years ago
Juergen Hoeller	0606c98277	Polishing (along with the Tiles 2.2.2 upgrade in the Spring 4.0 line) Issue: SPR-11285	12 years ago
Juergen Hoeller	6045914057	Polishing	12 years ago
Juergen Hoeller	c48da0d9a4	Avoid hard reference to LocalValidatorFactoryBean in <mvc:annotation-driven> parser Issue: SPR-11272	12 years ago

1 2 3 4 5 ...

267 Commits (379d2e6da0cf4e1d8009111920b7df8e40496e1f)